Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 6.4.14 Administration Guide
    6.4.14
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    FSSO using Syslog as source

    FSSO using Syslog as source

    This example describes how to configure Fortinet Single Sign-On (FSSO) agent on Windows using syslog as the source and a custom syslog matching rule.

    The FSSO collector agent must be build 0291 or later, and in advanced mode (see How to switch FSSO operation mode from Standard Mode to Advanced Mode).

    To configure the FSSO agent on Windows:

    1. Open the FSSO agent on Windows.

    2. Click Advanced Settings.

    3. Go to the Syslog Source List tab.

    4. Select Enable this feature.

    5. Set Syslog Listening Port, or use the default port.

    6. Click Manage Rule.

    7. Create a new syslog rule:

      1. Click Add.

      2. Configure the rule:

        Trigger

        722051

        Logon

        assigned to session

        Username Field

        User <{{:username}}>

        Client IPv4 Field

        IPv4 Address <{{:client_ip}}>

        Client IPv6 Field

        IPv6 Address <{{:client_ipv6}}>

        Group Field

        Group <{{:group}}>

        Groups List Separator

        ,

      3. To test the rule, enter a sample log line, then click Test.

      4. Click OK.

    8. Create a new syslog source:

      1. On the Advanced Settings window, click Add.

      2. Configure the source:

        Name

        VPN-Connection

        IP Address

        192.168.100.12

        Matching Rule

        VPN

        User Type

        External: Users are not defined on the CA and user groups come from the source.

        Remote User: Users are defined on a remote LDAP server and user groups are retrieved from the specified LDAP server. Any group from the syslog messages are ignored. See Connect to a remote LDAP server .

      3. Click OK.

    9. Click OK.

    Connect to a remote LDAP server

    This section describes how to connect to a remote LDAP server to match the user identity from the syslog server with an LDAP server.

    To connect to a remote LDAP server:

    1. Open the FSSO agent on Windows.

    2. Click Advanced Settings.

    3. Go to the Syslog Source List tab.

    4. Click Manage LDAP Server.

    5. Click Add and configure the LDAP server settings:

    6. Click OK.

    7. Select the syslog source and click Edit.

    8. Set User Type to Remote User, and select the LDAP server from the drop-down list.

    9. Click OK.

    Previous
    Next

    FSSO using Syslog as source

    FSSO using Syslog as source

    This example describes how to configure Fortinet Single Sign-On (FSSO) agent on Windows using syslog as the source and a custom syslog matching rule.

    The FSSO collector agent must be build 0291 or later, and in advanced mode (see How to switch FSSO operation mode from Standard Mode to Advanced Mode).

    To configure the FSSO agent on Windows:

    1. Open the FSSO agent on Windows.

    2. Click Advanced Settings.

    3. Go to the Syslog Source List tab.

    4. Select Enable this feature.

    5. Set Syslog Listening Port, or use the default port.

    6. Click Manage Rule.

    7. Create a new syslog rule:

      1. Click Add.

      2. Configure the rule:

        Trigger

        722051

        Logon

        assigned to session

        Username Field

        User <{{:username}}>

        Client IPv4 Field

        IPv4 Address <{{:client_ip}}>

        Client IPv6 Field

        IPv6 Address <{{:client_ipv6}}>

        Group Field

        Group <{{:group}}>

        Groups List Separator

        ,

      3. To test the rule, enter a sample log line, then click Test.

      4. Click OK.

    8. Create a new syslog source:

      1. On the Advanced Settings window, click Add.

      2. Configure the source:

        Name

        VPN-Connection

        IP Address

        192.168.100.12

        Matching Rule

        VPN

        User Type

        External: Users are not defined on the CA and user groups come from the source.

        Remote User: Users are defined on a remote LDAP server and user groups are retrieved from the specified LDAP server. Any group from the syslog messages are ignored. See Connect to a remote LDAP server .

      3. Click OK.

    9. Click OK.

    Connect to a remote LDAP server

    This section describes how to connect to a remote LDAP server to match the user identity from the syslog server with an LDAP server.

    To connect to a remote LDAP server:

    1. Open the FSSO agent on Windows.

    2. Click Advanced Settings.

    3. Go to the Syslog Source List tab.

    4. Click Manage LDAP Server.

    5. Click Add and configure the LDAP server settings:

    6. Click OK.

    7. Select the syslog source and click Edit.

    8. Set User Type to Remote User, and select the LDAP server from the drop-down list.

    9. Click OK.

    Previous
    Next